68454

John Mayr - SimCorp Ltd

RBS meltdown illustrates dangers of legacy system

04 December 2013 | 2188 views | 3

When IT infrastructure collapses, companies quickly realise how business critical it is. RBS learnt this lesson the difficult way this week when its systems collapsed on the busiest online shopping day of the year, leaving customers unable to use cards or
pay for goods online. At the highest levels, the bank has admitted that
its IT systems have suffered from chronic underinvestment for decades. RBS still cannot identify the cause of the meltdown, and is now committing spend to improving infrastructure.

IT systems are often neglected in budgets, usurped by more high profile areas of spend and leaving companies saddled with overlapping and outdated systems ill-equipped to cope with current business needs – so-called legacy systems. The financial services
industry is riddled with reliance on platforms developed in the eighties and nineties, and paid heavily for it during the crisis. Some companies took weeks to identify their exposure to failed US Investment bank Lehman Brothers as a result of using ancient
technology platforms governed by slow and inaccurate manual processes. Indeed, the very collapse of MF Global in 2011 has been in part attributed to the inability of the company to monitor risk on its antiquated IT systems.

There is often reluctance to make sufficient investments into renewing IT structures, particularly in times of recession when budgets are already under pressure. This is one of the factors that has led to dependence on legacy technology instead of state-of-the-art
investment platforms (and no doubt partly why recent research showed that up to one-in-four investment managers is reliant on legacy systems).

However, this can prove to be a false economy, as maintaining outdated technology can carry significant costs in ongoing maintenance compared to their newer counterparts. It can also put a straight-jacket on a company’s growth ambitions as legacy systems
are notoriously difficult to adapt to new business requirements. And as the RBS example shows, there is a significant cost to compensating customers when systems fail to perform their basic function. What’s more, the reputational risk associated with this
incident will be hard to put a price on.

Comments: (3)

... to believe that newer technology is always better. "State of the art" today often means PC technology accumulated in huge and complex server farms, many more "moving parts" and hence more chances for failure. Stock exchanges used to run on fault tolerant
systems and meanwhile hava been put on said "state of the art" which did have impact on their reliability.

Very often, the problem is failure to invest in training for legacy systems, and also prpblems in interfacing between legacy and "state of the art".

There's no silver bullet here. Legacy system or not, there's plenty of evidence that even with a clean sheet, a bank will never have a perfect system. RBS has had the pain of integrating many systems as a result of acquisitions on both the M & IB and Retail
sides of the business; no different from many other banks that have grown via M & A.

And as to "state of the art". I'd really love to learn about one core banking system that could lay a claim to being "state of the art". It's almost impossibe, given the state of change of the market. I've seen vendors struggle to incorporate the demands
of the "internet generation" into their core application. I've seen RFP responses where as many as 5 separate technologies have been offered in the "solution". I still monitor several core banking implementations that are in their 5th year of project life....

Structured financial products that stoked investor greed, rating agencies that gave AAA ratings to such products, and, most importantly, the ability to privatize their gains and socialize their losses - when there are these and other lower hanging fruits
available to explain what happened, I'm intrigued by how you blame legacy systems for the collapse of banks. In any case, if these legacy systems were too weak to spot the risks in various products, how come they were strong enough to help create these risky
products in the first place? I have a very different take on why banks continue to use their legacy systems and it resonates well with the views expressed by @FinextraM and @MarkP: